<?php
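session_start();

// Admin login handler: checks the posted name/password against admin_info and,
// on exactly one matching row, populates the session and redirects.

$raw_name = $_POST['admin_name'] ?? null;
$raw_pwd = $_POST['admin_pwd'] ?? null;
// A missing field or an array-valued parameter (admin_name[]=x) is rejected outright
// instead of being passed on to string functions and the query.
$has_credentials = is_string($raw_name) && is_string($raw_pwd);

// htmlspecialchars() is an HTML *output* encoder; it is not a SQL defence (depending on
// the PHP version's default flags it may not even encode single quotes). It is kept here
// only so the values compared against the table are the same ones the previous query
// compared. NOTE(review): whether stored values were written through the same encoding
// is not visible from this file; confirm before removing it.
$admin_name = $has_credentials ? htmlspecialchars($raw_name) : '';
$admin_pwd = $has_credentials ? htmlspecialchars($raw_pwd) : '';

require "../query_db.php";   // connects to the database; $conn is used below

// NOTE(review): the password is matched by direct equality in SQL, so admin_pwd is
// stored in a form equal to what the user types. Moving to password_hash() /
// password_verify() needs a change to how the column is written, which is outside this file.
$login_row = null;
if ($has_credentials) {
    // Bound parameters keep the submitted values out of the SQL text, so quotes or
    // SQL syntax in either field cannot change the query's structure.
    $stmt = mysqli_prepare(
        $conn,
        'select admin_name,admin_pet from admin_info where admin_name = ? and admin_pwd = ?'
    );
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 'ss', $admin_name, $admin_pwd);
        if (mysqli_stmt_execute($stmt)) {
            // Buffer the result so the row count is available before fetching.
            mysqli_stmt_store_result($stmt);
            if (mysqli_stmt_num_rows($stmt) === 1) {
                mysqli_stmt_bind_result($stmt, $db_admin_name, $db_admin_pet);
                if (mysqli_stmt_fetch($stmt)) {
                    $login_row = ['admin_name' => $db_admin_name, 'admin_pet' => $db_admin_pet];
                }
            }
        }
        mysqli_stmt_close($stmt);
    }
}

if ($login_row !== null) {
    // Issue a fresh session id at the privilege change so an id planted before login
    // (session fixation) does not become an authenticated session.
    session_regenerate_id(true);
    $_SESSION['admin_name'] = $login_row['admin_name'];
    $_SESSION['admin_pet'] = $login_row['admin_pet'];
    // NOTE(review): this cookie is client-controlled; pages must authorise on
    // $_SESSION, never on the cookie value. Consider HttpOnly/Secure/SameSite if no
    // client-side script needs to read it.
    setcookie('admin_name', $admin_name, time() + 3600);
    echo "<script>alert('登录成功！');window.location.href='admin_index.php';</script>";
} else {
    // Same generic message for every failure (bad input, no match, query error) so the
    // response does not reveal which part was wrong.
    echo "<script>alert('用户名或密码错误！');window.location.href='admin_login.php';</script>";
}
// Close the database connection
mysqli_close($conn);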
?>
